<?php
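// Entry guards: both constants must already be defined by the including
// script, otherwise the request is treated as direct access and aborted.
defined('_ACCESS') or die( 'Direct Access to this location is not allowed.' );
defined('_LOCATION') or die( 'Direct Access to this location is not allowed.' );

// Login gate.
//  - With a submitted form: verify the credentials against the `users` table,
//    store the user's attributes through $db->setSetting() and redirect.
//  - Without a form: let the request through only when a login is already
//    recorded in the session.
//
// $db is not created here; it has to be in scope from the including script
// (the original carried a commented-out `new DbConnector()`).

if (isset( $_POST['submit'] ))
{
	// Request fields are attacker-controlled and may be missing or arrays
	// (e.g. pass[]=x); anything that is not a plain string is treated as empty.
	$usrname = (isset($_POST['usrname']) && is_string($_POST['usrname'])) ? $_POST['usrname'] : '';
	$rawPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

	// The emptiness test has to look at the raw value: md5('') is a non-empty
	// 32-character string, so testing the hash could never trigger this branch.
	if ($rawPass === '')
	{
		echo "<script>alert('Введите пароль');";
		echo "document.location.href='index.php';</script>\n";
		exit();
	}

	// SECURITY: unsalted MD5 is not a password hash (fast to brute-force, no
	// salt). It is kept only because the stored values in `users.password` are
	// compared against it; migrate to password_hash()/password_verify().
	// The hex digest itself is safe to embed in the SQL string below.
	$pass = md5($rawPass);

	// SECURITY: the user name is concatenated into a single-quoted SQL literal.
	// Names containing a quote, a backslash or a NUL byte could terminate or
	// escape that literal (SQL injection / login bypass), so they are rejected
	// before the query is built and handled as a failed login.
	// This is a stopgap: switch to a parameterized query (or the driver's own
	// escaping) once DbConnector offers one - its API is not visible here.
	$unsafeName = strpos($usrname, "'") !== false
		|| strpos($usrname, '\\') !== false
		|| strpos($usrname, "\0") !== false;

	$cur_res = false;
	if (!$unsafeName)
	{
		$res = $db->query('SELECT * FROM users WHERE username=\''.$usrname.'\' AND password=\''.$pass.'\' LIMIT 0,1');
		$cur_res = $db->fetchObject($res);
	}

	if ($cur_res)
	{
		// Values are taken from the database row, not from the request.
		$db->setSetting('usrname', $cur_res->username);
		// NOTE(review): this keeps the password hash in the settings store;
		// presumably that is the session, since the check at the bottom reads
		// $_SESSION['pass'] - confirm, and prefer not to store the hash at all.
		$db->setSetting('pass', $cur_res->password);
		$db->setSetting('uname', $cur_res->name);
		$db->setSetting('Filial_id', $cur_res->filial_link);
		$db->setSetting('User_id', $cur_res->id);
		$db->setSetting('Lang', $cur_res->lang);
		$db->setSetting('ViewDate', date("d.m.Y"));
		$db->setSetting('ViewDateRel', "now");

		// Map the stored user type to an access level. Strict comparison:
		// only the exact strings below grant a role.
		if ( $cur_res->usertype === "admin" )
		{
			// No redirect here: execution continues into the including page.
			$db->setSetting('access', 'admin');
		}
		elseif($cur_res->usertype === "user")
		{
			$db->setSetting('access', 'user');
			echo "<script>document.location.href='index.php';</script>\n";
			exit() ;
		}
		elseif($cur_res->usertype === "boss")
		{
			$db->setSetting('access', 'boss');
			echo "<script>document.location.href='index.php';</script>\n";
			exit() ;
		}
		else
		{
			// Unknown user type: the login is recorded but with no access
			// level; execution continues into the including page.
			$db->setSetting('access', null);
		}
	}
	else
	{
		// Same message for an unknown user, a wrong password and a rejected
		// user name, so the response does not reveal which one it was.
		echo "<script>alert('Неправильное Имя или Пароль. Попробуйте снова');";
		echo"document.location.href='index.php';</script>\n";
		exit();
	}
}
else
{
	// Fail closed: both session values must be present. The original used
	// `and`, which let a request through when only one of the two was set.
	if ( !isset($_SESSION['usrname']) || !isset($_SESSION['pass']) )
	{
		echo "<script>alert('Чтобы зайти на эту страницу необходимо ввести Имя и Пароль');";
		echo "document.location.href='index.php';</script>\n";
		exit();
	}
}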
?>